Russell Coker <russell(a)coker.com.au> wrote:
The problem is that famd is an application which accepts network
connections,
wants read access to every file that any user can access. If you want to
have a secure system you don't want many such programs.
Surely it doesn't need access to the file contents - just to stat them, so
access to directories (still a security issue, I agree).
Remote famd operation is only for non-polling notifications over the
network.
For most people having polling for file status changes on NFS will probably
be OK.
I agree with disabling remote famd, but the original post appeared to be
disabling the daemon entirely, which I expect would prevent local file
monitoring too. Or do gnome/kde use dnotify directly?
Also, I thought RH/Fedora already shipped with remote famd disabled.
Cheers,
Martin.